User base device, cryptographic communication system, and cryptographic communication method

ABSTRACT

According to one embodiment, a user base device A has a cryptographic module and a key sharing module. The key sharing module restores and disperses a cryptographic key used to generate the encrypted data. The key sharing module includes a quantum cryptographic communication device applicable to a plurality of front ends. The front ends are used to receive dispersed cryptographic keys from different routes, and to output dispersed cryptographic keys to different routes.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is based upon and claims the benefit of priority from Japanese Patent Application No. 2022-066919, filed Apr. 14, 2022, the entire contents of which are incorporated herein by reference.

FIELD

Embodiments described herein relate generally to a user base device, cryptographic communication system, and cryptographic communication method.

BACKGROUND

Public key cryptography methods currently available depend on the computational security by which data cannot be decoded by conventional computers and algorithms within an available time. In future, however, when quantum computers are widely used, such computational security will not be secured, and secure communication through conventional cryptography methods cannot be provided. Thus, quantum cryptography which does not depend on the computational security is anticipated as a cryptography method with information-theoretic security.

However, in a system using the quantum cryptography, there is a restriction in a distance between users in distant locations to share a direct key because an optical cable is used for such a system. Thus, in order to extend the communication distance, there is a relaying technique for a quantum cryptographic key using intermediate nodes (or relay nodes). Through the relaying technique, the quantum cryptographic key can be shared between the users in distant locations.

However, quantum key distribution devices using quantum cryptography protocol BB84 (hereinafter, BB84QKD devices) are expensive, and users cannot own such expensive devices in a large number.

Therefore, there is a technical concept that delivery of cryptographic key (random number key) from a routing base (key distribution server) to a user base is achieved through the Internet to decrease costs.

However, such a technical concept has such a risk that the cryptographic key (random number key) may be intercepted on the Internet, which is a so-called last one mile problem.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates the structure of a quantum cryptographic communication system which is a premise of the present invention.

FIG. 2 illustrates the structure of an embodiment of the present application.

FIG. 3 illustrates the structural examples of key sharing modules 102 and 202 of FIG. 2.

FIG. 4 illustrates an example of device arrangement within a base A.

FIG. 5A illustrates an example of device arrangement within a relay node.

FIG. 5B illustrates an example of device arrangement within a relay node.

FIG. 6 illustrates the structure of another embodiment of the present application.

FIG. 7 is a flowchart of an example of a process where a cryptographic key is dispersed and allocated to a plurality of paths (routes).

FIG. 8 is a flowchart of an example of a process of collecting keys dispersed in a plurality of routes and restoring the key.

FIG. 9 illustrates a type setting the aforementioned key transmission routes, which is a static type.

FIG. 10 illustrates a type setting the aforementioned key transmission routes, which is a dynamic type.

FIG. 11 illustrates an example of a combination of a CVQKD device and a BB84QKD device in a relay node and an intermediate node.

FIG. 12 illustrates another example of a combination of a CVQKD device and a BB84QKD device in a relay node and an intermediate node.

FIG. 13 illustrates yet another example of a combination of a CVQKD device and a BB84QKD device in a relay node and an intermediate node.

FIG. 14 illustrates an example of a method of generation of a cryptographic key (random number key) 132 in a key sharing module and encryption of plaintext data 131 in the base A.

FIG. 15 illustrates a method of generation of dispersed cryptographic keys.

FIG. 16A illustrates a method of restoration of dispersed cryptographic keys.

FIG. 16B illustrates a method of restoration of dispersed cryptographic keys together with FIG. 16A.

FIG. 17 illustrates an example of encryption of plaintext data 131 in the base A.

FIG. 18 illustrates another example of the method of generation of dispersed cryptographic keys.

FIG. 19A illustrates another example of the method of restoration of dispersed cryptographic keys.

FIG. 19B illustrates another example of the method of restoration of dispersed cryptographic keys together with FIG. 19A.

DETAILED DESCRIPTION

Hereinafter, embodiments will be explained with reference to the accompanying drawings.

In general, according to one embodiment, the present application presents a user base device, cryptographic communication system, and cryptographic communication method with improved security, in which a user base, relay node to deliver a cryptographic key (random number key) used in the user base, and relay node to receive the cryptographic key from the user base are realized with relatively cost-effective QKD devices (for example, continuous variable QKDs, or CVQKDs).

Furthermore, the present application presents a user base device, cryptographic communication system, and cryptographic communication method in which a plurality of paths (routes) are utilized to disperse a cryptographic key (random number key), to transmit dispersed random number keys, and to receive the dispersed random number keys, where the cryptographic key (random number key) is prevented from being completely restored halfway through the paths.

FIG. 1 illustrates a structural example of a quantum cryptographic communication system which is a premise of the present invention. In this example, A is a sender first base (or may be referred to as device of user A) and B is a receiver second base (or may be referred to as device of user B). Note that the bases A and B are communicable to each other; however, this example will be explained with the first base A being the sender and the second base B being the receiver. The first base A and the second base B are connected through an encrypted data transmission system 300. The encrypted data transmission system 300 is structured on the Internet.

The first base A includes a processor 100, cryptographic module 101, and key sharing module 102. The second base B includes a processor 200, cryptographic module 201, and key sharing module 202.

In this example, the key sharing module 102 of the first base A and the key sharing module 202 of the second base B are each structured with a CVQKD device (or may be referred to as second type QKD device).

The key sharing module 102 of the first base A is connected to a relay node C through a quantum key delivery path 511. Furthermore, the key sharing module 202 of the second base B is connected to a relay node D through a quantum key delivery path 521.

The relay node C includes a CVQKD device 411 and a BB84QKD device (QKD device using quantum cryptographic protocol BB84, and may be referred to as first type QKD device) 442, and the QKD devices can exchange a random number key therebetween.

The relay node D has a similar structure as with the relay node C, and includes a CVQKD device 444 and a BB84QKD device 443 (first type QKD device), and the QKD devices can exchange a random number key therebetween.

The BB84QKD device 442 of the relay node C and the BB84QKD device 443 of the relay node D are connected through the cryptographic key transmission path 400 which connects intermediate nodes 401 and 402. The intermediate node 401 includes a BB84QKD device 411 and a BB84QKD device 421, and the intermediate node 402 includes a BB84QKD device 411 and a BB84QKD device 422. The cryptographic key transmission path 400 distributes quantum cryptographic keys in a so-called nested structure, where distribution is performed such that key A1 is converted into key A2, and then key A2 is converted into key A3 and finally returned into key A1. Through such distribution, interception is prevented and security is increased.

In the aforementioned system, the key sharing module 102 generates a cryptographic key (random number key) 132. The cryptographic module 101 uses the cryptographic key (random number key) 132 from the key sharing module 102 to encrypt plaintext data 131. Then, the encrypted data 302 is transmitted to the second base B through the encrypted data transmission system 300. Note that the plaintext data 131 is read from a memory device, which is not shown, in the processor 100. Furthermore, the encrypted data 302 is data obtained from an exclusive-or (XOR) operation of the plaintext data 131 and the cryptographic key 132. Furthermore, the encrypted data transmission system 300 is the Internet.

On the other hand, the relay node C receives the cryptographic key (random number key) sent from the key sharing module 102 of the base A at the CVQKD device 441, then inputs the key to the BB84QKD device 442, and then outputs the key from the BB84QKD device 442 to the external cryptographic key transmission path 400, as a relaying process.

The BB84QKD device 442 outputs a quantum key (optical communication cryptographic key) to the BB84QKD device 411 of the intermediate node 401 of the cryptographic key transmission path 400.

In the intermediate node 401, the random number key from the BB84QKD device 411 is received by the BB84QKD device 412. Then, the BB84QKD device 412 transmits the random number key to the BB84QKD device 421 of the intermediate node 402. In the intermediate node 402, the random number key from the BB84QKD device 421 is received by the BB84QKD device 422.

As explained above, the random number key distribution is performed through the quantum key delivery by the BB84QKD devices alone in the intermediate nodes 401 and 402 of the cryptographic key transmission path 400.

The random number key delivered as above is received by the BB84QKD device 443 of the relay node D in the proximity of the base B. The random number key received by the BB84QKD device 443 is sent to the CVQKD device 444. The CVQKD device 444 distributes the random number key to the key sharing module 202 in the base B through the quantum key delivery path 521.

The key sharing module 202 supplies the cryptographic (random number) key 132 to the cryptographic module 201. The cryptographic module 201 performs a decryption operation using the encrypted data 302 obtained from the encrypted data transmission system 300 and the cryptographic key 132 to obtain the original plaintext data 131. The plaintext data is taken by the processor 200.

With the aforementioned system, the first quantum key delivery path 511 connects between the first relay node C and the first key sharing module 102, wherein the delivery of the cryptographic key is performed using the CVQKD devices therein. Similarly, the quantum key delivery path 521 connects between the second relay node D and the second key sharing module 202, wherein the delivery of the cryptographic key is performed using the CVQKD devices therein.

As a result, with the aforementioned cryptographic communication system and the cryptographic communication method, because the cryptographic key delivery within a possible intercept area between the base A and the relay node C is performed through the quantum key delivery path 511, the security performance is high. The same applies to the area between the base B and the relay node D.

However, there still is a risk even in the structure of FIG. 1. Thus, the inventors planned to further improve the security performance of the aforementioned cryptographic communication system.

FIG. 2 illustrates an embodiment of the present application. In the present embodiment, a possible intercept in a connection line Y1 between the BB84QKD device 442 and the CVQKD device 441 in the relay node C and a possible intercept in a connection line Y2 between the BB84QKD device 443 and the CVQKD device 444 in the relay node D are dealt with for better security of the cryptographic key.

The same elements as in FIG. 1 are referred to by the same reference numbers for explanation. The system of FIG. 2 further includes a second cryptographic key transmission path 600 between the bases A and B.

In this example, the aforementioned cryptographic key transmission path 400 will be referred to as first cryptographic key transmission path 400, and the cryptographic key transmission path 600 will be referred to as second cryptographic key transmission path 600.

The second cryptographic key transmission path 600 connects a relay node 601 and a relay node 602 in series. The relay node 601 includes a CVQKD device 611 and a BB84QKD device 612 connected in series. Similarly, the relay node 602 includes a BB84QKD device 621 and a CVQKD device 622 connected in series. As a matter of course, multiple intermediate nodes may be arranged between the relay nodes 601 and 602 as with the first cryptographic key transmission path 400.

With the aforementioned structure, multiple (two in this example) cryptographic key transmission paths 400 and 600 are provided. Thus, two CVQKD devices 102 a and 102 b to be connected to the CVQKD devices in the relay node of each path 400 and 600 are disposed inside the key sharing module 102.

That is, the key sharing module 102 of the base A includes the CVQKD device 102 a connected to the CVQKD device 441 of the relay node C (through optical cable 511 a), and the CVQKD device 102 b connected to the CVQKD device 611 of the relay node 601 of the second cryptographic key transmission path 600 (through optical cable 511 b).

Furthermore, the key sharing module 202 of the base B includes, as with the structure of the base A, a CVQKD device 202 a connected to the CVQKD device 444 of the relay node D (through optical cable 521 a) and a CVQKD device 202 b connected to the CVQKD device 622 of the relay node 602 of the second cryptographic key transmission path 600 (through optical cable 521 b).

With the aforementioned structure, a cryptographic key is dispersed at the sender side and the receiver side, wherein the cryptographic key is shared using a plurality of cryptographic key transmission paths 400 and 600. Thus, even if one of the nodes (intermediate nodes and relay nodes) on the cryptographic key transmission paths is attacked, the attacker only acquires a part of the dispersed cryptographic keys, and the cryptographic key as a whole cannot be acquired. Thus, with the aforementioned structure, users can securely share the cryptographic key for secure cryptographic communication.

Note that a CVQKD device can be realized more cheaply than a BB84QKD device. The BB84QKD devices adopt a quantum detector configured to capture light as particle photons, thus requiring a high performance, and thus are expensive. On the other hand, the CVQKD devices adopt a conventional optical detector configured to capture light as wave intensity, and thus are realized more cheaply. Note that they can be connected through an optical cable, and can coexist in the same system. The present system uses the coexistence characteristics, and achieves higher communication security with lower costs.

FIG. 3 illustrates the structure example of the key sharing module 102 of the base A of FIG. 2 as a representative example. In the present embodiment, two CVQKD devices 102 a and 102 b are connected to a dispersion/restoration circuit 102 c. The CVQKD device 102 a is connected to the relay node C through the optical cable 511 a, and the CVQKD device 102 b is connected to the relay node 601 through the optical cable 511 b.

The key sharing module 202 of FIG. 2 has the same structure as above, and in the key sharing module 202, CVQKD devices are connected to the optical cables 521 a and 521 b, respectively.

Thus, the base A and the base B of the present embodiment as a device are structured as follows. The user base device A includes a cryptographic module 101 to transmit encrypted data and a key sharing module 102 to restore or disperse a cryptographic key used to generate the encrypted data.

The key sharing module 102 includes, in order to deliver a plurality of cryptographic keys (a plurality of random number keys) dispersed based on the cryptographic key through different routes and to receive the dispersed cryptographic keys sent from the different routes, a plurality of CVQKD devices 102 a and 102 b quantum connected to a CVQKD device in a relay node provided with a first step of the different routes and a dispersion/restoration circuit 102 c of the cryptographic key to which the CVQKD devices are connected.

Furthermore, in the aforementioned example, the cryptographic communication system is structured as follows. The cryptographic communication system includes a first base A and a second base B which are connected with each other through an encrypted data transmission system. A first relay node C and the first base A are quantum connected with each other through CVQKD devices thereof to relay the dispersed cryptographic keys. Furthermore, a second relay node D and the second base B are quantum connected with each other through CVQKD devices thereof to relay the dispersed cryptographic keys. Furthermore, a third relay node 601 and the first base A are quantum connected with each other through CVQKD devices thereof to relay the dispersed cryptographic keys. Furthermore, a fourth relay node 602 and the second base B are quantum connected with each other through CVQKD devices to relay the dispersed cryptographic keys, wherein the first relay node C and the second relay node D are connected through BB84QKD devices thereof, and the third relay node 601 and the fourth relay node 602 are connected through BB84QKD devices.

Now, the structure will be explained further with reference to the device exterior in each of the blocks (base, relay node, and intermediate node, for example).

FIG. 4 illustrates the structural example of device arrangement in the base A and the base B. In this example, the base A will be used as a representative for explanation. The cryptographic module 101 includes a cryptographic communication server 101 a, and the processor 100 includes, for example, a personal computer. Furthermore, the key sharing module 102 includes CVQKD devices 102 a and 102 b, control server 102 c, and key management server 102 d.

The cryptographic communication server 101 a has a function to encrypt plaintext data using a cryptographic key shared by the key management server 102 d and a function to transmit the encrypted data to the other base B in response to a request of application from the processor 100.

The control server 102 c of the key sharing module 102 collectively controls the whole key sharing module 102. The key management server 102 d has a function to share the cryptographic key with the other base B. Furthermore, the key management server 102 d has a function to disperse or restore the cryptographic key as explained above with reference to FIG. 3.

As in FIG. 2 or FIG. 3, the CVQKD device 102 a is connected to the CVQKD device 441 of the relay node C through the optical cable 511 a, and the CVQKD device 102 b is connected to the CVQKD device 611 of the relay node 601 through the optical cable 511 b. The same applies to the base B.

FIG. 5A illustrates an example of the device arrangement in the relay nodes C and D. In this example, the relay node C will be used as a representative for explanation. The relay node C includes a key management server 461, control server 462, CVQKD device 441, and BB84QKD device 442.

The relay node C is a base to fill the last one mile by connecting a CVQKD device and a BB84QKD device. The relay node C includes the cost-effective CVQKD device 441 to be connected to the user base A and the BB84QKD device 442 to be connected to the BB84QKD device 411 in the intermediate node 401. The connections here are achieved by optical cables.

The control server 462 has a function to share a quantum key by communicating with the user base A using the CVQKD device 441 through the optical fiber. Furthermore, the control server 462 has a function to share a quantum key by communicating with the BB84QKD device 411 of the intermediate node 401 using the BB84QKD device 442 through the optical fiber.

The key management server 461 has a function to route, through a conventional network, the cryptographic keys (dispersed random number keys) to be shared between user bases using a quantum key obtained from the control server 462 to a next node (user base, relay node, intermediate node).

FIG. 5B illustrates an example of the device arrangement of the intermediate nodes 401 and 402. In this example, the intermediate node 401 will be used as a representative for explanation. The intermediate node 401 includes a key management server 461, control server 462, BB84QKD device 411, and BB84QKD device 412.

The intermediate node is a base relaying the dispersed cryptographic keys (dispersed random number keys) by the BB84QKD devices 411 and 412.

The control server 462 has a function to share a quantum key using the BB84QKD devices 411 and 412 through the relay node or the intermediate node and the optical fiber. The key management server 461 has a function to route, through a conventional network, the cryptographic keys to be shared between user bases using the quantum key obtained from the control server 462 to a next node (user base, relay node, intermediate node).

FIG. 6 illustrates another embodiment. In the present embodiment, the cryptographic key (dispersed cryptographic keys) is exchanged between a plurality of user bases through a mesh-type quantum cryptographic distribution net. The same functioning elements as in the aforementioned embodiment will be referred to by the same reference numbers for explanation.

In the present embodiment, because of the mesh-type quantum cryptographic distribution net, the number of cryptographic key transmission routes can be set optionally, and thus, many key transmission paths (routes) can be established. A setting type of many key transmission paths (routes) may be a static type or a dynamic type.

The example of FIG. 6 illustrates a structure with three key transmission routes. A case where encrypted data is transmitted from the base A to the base B will be explained.

A first key transmission route RU1 is structured between a relay node RU11 in the base A side and a relay node RU1N in the base B side, and is structured by the intermediate nodes RU12, RU13, . . . , and RU1 (N−1).

A second key transmission route RU2 is structured between a relay node RU21 in the base A side and a relay node RU2N in the base B side, and is structured by the intermediate nodes RU22, RU23, . . . , and RU2 (N−1).

A third key transmission route RU3 is structured between a relay node RU31 in the base A side and a relay node RU3N in the base B side, and is structured by the intermediate nodes RU32, RU33, . . . , and RU3 (N−1).

In this example, the cryptographic key 132 is divided into three dispersed cryptographic keys 132 a, 132 b, and 132 c, which are transmitted from the base A to the base B through key transmission routes RU1, RU2, and RU3, respectively. The encrypted data is transmitted from the cryptographic module 101 of the base A to the cryptographic module 201 of the base B through the encrypted data transmission system 300.

Note that, for easier understanding, the key shape is simply divided into three in the figure. However, there are various encryption methods available, and division and dispersion are different, and the method of generation of such cryptographic keys will be explained later.

On the other hand, the dispersed cryptographic keys (or dispersed random number keys) 132 a, 132 b, and 132 c are transmitted from the key sharing module 102 to the relay nodes RU11, RU21, and RU31, respectively, forming their respective routes. Each of the relay nodes RU11, RU21, and RU31 is structured the same as the structure shown in FIGS. 2 and 5A. The key sharing module 102 of the base A includes three CVQKD devices to transmit the cryptographic keys 132 a, 132 b, and 132 c to the relay nodes RU11, RU21, and RU31, respectively.

The intermediate nodes RU12, RU13, . . . , and RU1 (N−1), intermediate nodes RU22, RU23, . . . , and RU2 (N−1), and intermediate nodes RU32, RU33, . . . , and RU3 (N−1) are structured the same as the structure shown in FIGS. 2 and 5B. The key sharing module 202 includes three CVQKD devices to receive the cryptographic keys 132 a, 132 b, and 132 c from the relay nodes RU1N, RU2N, and RU3N, respectively.

Note that the number of the intermediate nodes can be optionally adjusted based on a distance between the base A and the base B. Thus, the intermediate node may not be necessary depending on cases, and the relay node in the base A side and the relay node in the base B side are directly connected in some cases. Furthermore, in the present embodiment, since the mesh-type quantum cryptographic distribution net is used, the number of routes can be changed.

FIG. 7 is a flowchart of a process performed in a case where a cryptographic key is dispersed and dispersed cryptographic keys are allocated to a plurality of paths (routes). The process function is provided within each of the key sharing modules 102 and 202.

The process function can be roughly divided into a quantum key sharing process block 710, cryptographic key generation block 720, and cryptographic key dispersion process part 730.

The quantum key sharing process block 710 takes a command from an input part 71. Based on the command, the quantum key sharing process block 710 prepares a plurality of optional routes to share a quantum key in advance. For example, routes 1 to n are prepared. Information of each route is arrangement information of relay nodes and intermediate nodes between the bases A and B explained above, for example. The routes 1 to n are not used at the same time, and the quantum key sharing process block 710 selects and specifies routes which have been least used among the routes 1, 2, 3, . . . , and n. Thus, profile information of each route includes information of use number.

Then, the cryptographic key generation block 720 generates, after a plurality of routes are specified, a cryptographic key used for distribution from a base to another base.

Then, the cryptographic key dispersion process part 730 processes the cryptographic key as follows. Initially, the cryptographic key is dispersed (step 731). In this case, the number of dispersion is set to the same number as the routes specified, and dispersed cryptographic keys are each stored in a memory. Note that the dispersion of the cryptographic key may be, as will be described later, regarded as a result of generated random number.

Then, whether or not the dispersed cryptographic key remains in the memory is checked (step 732). If there is a remaining cryptographic key, a transmission route of the dispersed cryptographic key is selected, and a less-used route is selected, for example (step 733). Then, the dispersed key (quantum key to be shared) is transmitted to the selected route (step 734), and the process returns to step 732. Steps 732 to 734 are repeated, and if there is no remaining dispersed key, an end notification is output to an output part 72.

FIG. 8 is a flowchart of a process of collecting the cryptographic keys dispersed in a plurality of paths (routes) to restore the original cryptographic key. The process is provided within the key sharing modules 102 and 202.

The process block can be roughly divided into a quantum key sharing process block 810 and a dispersed cryptographic key restoring process part 830.

The quantum key sharing process block 810 takes a command from an input part 81. Based on the command, the quantum key sharing process block 810 structures a plurality of routes (a plurality of routes prepared in advance) to share a quantum key (as with the routes 1 to n of FIG. 7). Note that the information of the routes actually used is confirmed mutually between the bases A and B in advance.

The dispersed cryptographic keys taken from a plurality of routes are each input into the dispersed cryptographic key restoring process part 830. The restoring process part 830 determines whether or not all the dispersed cryptographic keys are received (step 831). If all the keys are received, a restoring process of the original key is performed using the dispersed cryptographic keys (step 833). If all the dispersed cryptographic keys are not collected in step 831, reception of the dispersed cryptographic keys is waited, and then, the process returns to step 831 (steps 831 and 832).

In step 833, once all the dispersed cryptographic keys are collected and the original cryptographic key is restored, the cryptographic key is given to the cryptographic module 201 to perform restoration of the encrypted data. That is, the cryptographic communication between users is started (step 834). The information indicative of the start of cryptographic communication is output from an output part 82.
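The dispersal loop of FIG. 7 and the collection loop of FIG. 8, as an added example that is not code from the application. It assumes an XOR-based split in which every share is required (the application describes its own dispersal methods with later figures), and the names `Route`, `send_dispersed` and `Restorer` are hypothetical.

```python
import secrets
from dataclasses import dataclass


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; the page forms encrypted data 302 from 131 and 132 this way."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def disperse(key: bytes, n: int) -> list:
    """Step 731: split the key into n shares (assumed XOR n-of-n scheme)."""
    if n < 2:
        raise ValueError("dispersal needs at least two routes")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]


def restore(shares) -> bytes:
    """Step 833: the XOR of all n shares gives back the original key."""
    shares = list(shares)
    key = bytes(len(shares[0]))
    for share in shares:
        key = xor_bytes(key, share)
    return key


@dataclass
class Route:
    name: str
    use_count: int = 0  # the "use number" kept in each route's profile


def send_dispersed(key: bytes, routes: list, n: int) -> dict:
    """Blocks 710 and 730: specify the n least-used routes, one share per route."""
    if n > len(routes):
        raise ValueError("not enough prepared routes")
    specified = sorted(routes, key=lambda r: r.use_count)[:n]  # block 710
    pending = disperse(key, n)                                 # step 731
    sent = {}
    while pending:                                             # step 732
        route = min(specified, key=lambda r: r.use_count)      # step 733
        specified.remove(route)  # never place two shares on one route
        sent[route.name] = pending.pop()                       # step 734
        route.use_count += 1
    return sent


class Restorer:
    """Receiver side of FIG. 8: wait for every agreed route, then restore."""

    def __init__(self, agreed_routes):
        self.agreed = set(agreed_routes)  # confirmed between the bases in advance
        self.received = {}

    def receive(self, route_name: str, share: bytes):
        if route_name not in self.agreed:
            raise ValueError(f"share from unexpected route {route_name}")
        self.received[route_name] = share
        if set(self.received) != self.agreed:                  # steps 831 and 832
            return None
        return restore(self.received.values())                 # step 833


if __name__ == "__main__":
    # Constructed sample data: four prepared routes, a 16-byte plaintext.
    routes = [Route("RU1", 4), Route("RU2", 0), Route("RU3", 2), Route("RU4", 1)]
    plaintext = b"constructed data"
    key = secrets.token_bytes(len(plaintext))
    ciphertext = xor_bytes(plaintext, key)
    sent = send_dispersed(key, routes, 3)
    receiver = Restorer(sent.keys())
    restored = None
    for name, share in sent.items():
        restored = receiver.receive(name, share)
    print(sorted(sent), xor_bytes(ciphertext, restored) == plaintext)
```

With this split, a node that sees fewer than all shares holds only uniformly random bytes, which matches the property the application claims for an attack on a single route.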

FIG. 9 illustrates how the aforementioned routes are structured (methodof structuring a plurality of routes: static type). In the example ofFIG. 7 , the routes from the base A to the base B are determined inadvance; however, in FIG. 9 , a structuring method of each route will beexplained.

First, as a premise, a route management server 1000 is arranged on thecloud, and stores node information on the routes in the database. Thatis, the route management server 1000 manages many nodes structuring thequantum cryptographic distribution net, and includes positional(address) information of each node on the distribution net (or may bereferred to as cross points information of three-dimensional matrixnet). Each node includes a selector which can connect to or shut off anyof the other nodes existing immediately close thereto, and a selectorcontrol circuit. Then, the control circuit of the nodes address of whichare specified by the route management server 1000 can be put in astandby mode to structure a part of the route by selecting an input sidenode and an output side node based on a command from the server 1000 tostructure a part of the route.

Referring to FIG. 9 , an example where a plurality of routes arestructured from the base A to the base B will be explained. Hereinafter,an operation based on commands from the route management server 1000will be explained.

Upon receipt of, for example, notification from the base A, the relaynode RU11 sends a link request information to the route managementserver 1000. The link request information includes informationindicative of the base B as a communication party and information of thenumber of communication routes.

The route management server 1000 specifies the intermediate node RU12next to the relay node RU11 and designates the relay node RU11 as a linkdestination. Thereby, the intermediate node RU12 is linked with therelay node RU11. Next, the route management server 1000 specifies theintermediate node RU13 and designates the intermediate node RU12 as alink destination. Thus, the intermediate node RU12 and the intermediatenode RU13 are linked. As above, routes are successively structured, anda path to an intermediate node RU1 (N−1) (which is not shown), which isone node before the relay node RU1N next to the base B, is formed.

Then, the route management server 1000 specifies the relay node RU1N anddesignates the intermediate node RU1 (N−1) as a link destination. Then,the relay node RU1N is linked to the intermediate node RU1 (N−1).Furthermore, the route management server 1000 notifies that the firstroute is structured to the relay node RU11, base A, and base B (912 and913).

Then, the system starts the structure of the second route. Themanagement server 1000 specifies the relay node RU21 and designates thebase A as a link destination. Thus, the base A and the top relay nodeRU21 in the second route are linked. Then, the route management server1000 specifies the intermediate node RU22 and designates the relay nodeRU21 as a link destination. Thus, the intermediate node RU22 and therelay node RU21 are linked. As above, the second route is successivelystructured, and a path to the intermediate node RU2 (N−1), which is onenode before the relay node RU2N next to the base B is formed.

Then, the management server 1000 specifies the relay node RU2N and designates the intermediate node RU2(N−1) (which is not shown) as a link destination. Then, the relay node RU2N is linked to the intermediate node RU2(N−1). Furthermore, the route management server 1000 notifies that the first route is structured to the relay node RU21, base A, and base B (912 and 913).

Then, a third route, a fourth route, and the like are structured in a similar manner, and the route structuring process stops when the designated number of routes is met.

The aforementioned setting type of key transmission path (route) is a static type; however, it may be a dynamic type. Furthermore, various setting types are adoptable instead of the aforementioned procedure.

FIG. 10 illustrates a type of setting the key transmission path (route), which is a dynamic type. In the structuring method of the key transmission route, each node is supposed to hold route information.

First, the route information is link data to designate a node to be selected next in order to become closer to a desired relay node (desired base) from the current position, for example. There are multiple relay nodes set, and a next node address (link data) to become closer to each relay node is stored in the memory in advance. Thus, the link formation command data (link request data) includes identification data of the base which is the original sender, addresses (identification data) of relay nodes in the proximity of the sender base, identification data of the base in the receiver side, and addresses (identification data) of relay nodes in the proximity of the receiver base. The link request data is transferred to each node in turn to successively structure the route. Thus, the nodes structuring the route can recognize from which base to which base the route is structured.

Referring to FIG. 10, the base A requests the closest relay node RU11 to form the link of a first route (route 1) (give link request data) (step R1S0). Then, the relay node RU11 selects, for example, the intermediate node RU12, forms a link thereto, and gives the link request data to the intermediate node RU12 (step R1S1). Then, the intermediate node RU12 selects a next intermediate node, forms a link thereto, and gives the link request data to the next intermediate node (step R1S2). As above, links are formed successively, and when the route is structured to the relay node RU1N, the relay node RU1N performs notification of completion of structure of the first route with respect to the relay node RU11 (step R1S3). In this step, the notification is sent to the base A. Furthermore, the relay node RU1N performs notification of completion of structure of the first route with respect to the base B (step R1SN). Then, structure of a second route is started.

The base A requests the closest relay node RU21 to form the link of a second route (route 2) (give link request data) (step R2S0). Then, the relay node RU21 selects, for example, the intermediate node RU22, forms a link thereto, and gives the link request data to the intermediate node RU22 (step R2S1). Then, the intermediate node RU22 selects a next intermediate node, forms a link thereto, and gives the link request data to the next intermediate node (step R2S2). As above, links are formed successively, and when the route is structured to the relay node RU2N, the relay node RU2N performs notification of completion of structure of the second route with respect to the relay node RU21 (step R2S3). In this step, the notification is sent to the base A. Furthermore, the relay node RU2N performs notification of completion of structure of the second route with respect to the base B (step R2SN). Then, structure of a third route, a fourth route, and the like is performed in a similar manner.
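The dynamic route structuring of FIG. 10 can be modelled as follows. This is an added example, not code from the patent: the class and function names, the route number field, the four-node route length and the mesh contents are assumptions, and `shared_nodes` is an added check that flags a node sitting on more than one route, since such a node would handle more than one dispersed key.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class LinkRequest:
    """Link request data with the fields the text lists."""
    sender_base: str     # base that is the original sender
    sender_relay: str    # relay node in the proximity of the sender base
    receiver_base: str   # base on the receiver side
    receiver_relay: str  # relay node in the proximity of the receiver base
    route_no: int        # assumption: a number that tells the routes apart


@dataclass
class Node:
    name: str
    # Link data stored in advance: destination relay -> next node toward it.
    next_hop: dict = field(default_factory=dict)
    # Filled while routes form: route_no -> (sender base, receiver base).
    routes: dict = field(default_factory=dict)


def build_route(nodes, req, max_hops=16):
    """Hand the link request from node to node until the receiver-side relay
    is reached. Returns (path, notifications as (from, to) pairs)."""
    path, current = [], req.sender_relay
    while True:
        if current in path or len(path) >= max_hops:
            raise RuntimeError(f"route {req.route_no}: loop or overlong path at {current}")
        node = nodes[current]
        # Each node learns from which base to which base the route runs.
        node.routes[req.route_no] = (req.sender_base, req.receiver_base)
        path.append(current)
        if current == req.receiver_relay:
            break
        if req.receiver_relay not in node.next_hop:
            raise LookupError(f"{current} holds no link data for {req.receiver_relay}")
        current = node.next_hop[req.receiver_relay]
    # Completion goes to the first relay, on to the sender base, and to the receiver base.
    notifications = [
        (req.receiver_relay, req.sender_relay),
        (req.sender_relay, req.sender_base),
        (req.receiver_relay, req.receiver_base),
    ]
    return path, notifications


def shared_nodes(paths):
    """Added check: names of nodes that appear on more than one route."""
    first_seen, shared = {}, set()
    for route_no, path in paths.items():
        for name in path:
            if first_seen.setdefault(name, route_no) != route_no:
                shared.add(name)
    return shared


def make_mesh(ru22_next="RU23"):
    """Constructed mesh of eight nodes; ru22_next lets the demo plant a bad link entry."""
    links = {
        "RU11": {"RU1N": "RU12"},
        "RU12": {"RU1N": "RU13"},
        "RU13": {"RU1N": "RU1N", "RU2N": "RU2N"},
        "RU1N": {},
        "RU21": {"RU2N": "RU22"},
        "RU22": {"RU2N": ru22_next},
        "RU23": {"RU2N": "RU2N"},
        "RU2N": {},
    }
    return {name: Node(name, dict(hops)) for name, hops in links.items()}


def build_all(nodes):
    """Structure route 1 and route 2 from base A to base B."""
    requests = [
        LinkRequest("A", "RU11", "B", "RU1N", 1),
        LinkRequest("A", "RU21", "B", "RU2N", 2),
    ]
    return {req.route_no: build_route(nodes, req)[0] for req in requests}


if __name__ == "__main__":
    good = build_all(make_mesh())
    print(good, "shared:", shared_nodes(good))
    bad = build_all(make_mesh(ru22_next="RU13"))  # RU22 points into route 1
    print(bad, "shared:", shared_nodes(bad))
```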

FIGS. 11, 12, and 13 illustrate various examples of combinations of CVQKD devices and BB84QKD devices in the relay nodes and the intermediate nodes. In each example, three routes are structured; however, the number of routes is not limited.

The embodiment of FIG. 11 is structured with relay nodes C, E, and G connected to CVQKD devices 102 a, 102 b, and 102 c in the base A, respectively, where the nodes are structured with CVQKD devices and BB84QKD devices. Each CVQKD device in the relay nodes C, E, and G is connected to each of CVQKD devices 102 a, 102 b, and 102 c.

On the other hand, the relay nodes D, F, and H connected to CVQKD devices 202 a, 202 b, and 202 c in the base B, respectively, are structured with CVQKD devices and BB84QKD devices. In this case, each CVQKD device in the relay nodes D, F, and H is connected to each of CVQKD devices 202 a, 202 b, and 202 c in the base B. Intermediate nodes X, Y, and Z connecting between the relay nodes C, E, and G and the relay nodes D, F, and H are each structured with the BB84QKD device.

The embodiment of FIG. 12 is structured with nodes (CVQKD nodes) J, K, and L connected to CVQKD devices 102 a, 102 b, and 102 c in the base A, where the nodes are structured with the same type CVQKD devices. On the other hand, the relay nodes D, F, and H connected to the CVQKD devices 202 a, 202 b, and 202 c in the base B are structured with CVQKD devices and BB84QKD devices (as with the case of FIG. 11). The relay nodes C, E, and G between the relay nodes D, F, and H corresponding to the nodes J, K, and L are structured with CVQKD devices in the base A side, and BB84QKD devices in the base B side.

The embodiment of FIG. 13 is structured with CVQKD nodes connected to CVQKD devices 102 a, 102 b, and 102 c in the base A, where the nodes are structured with the same type CVQKD devices.

On the other hand, in the base B, a CVQKD device is not utilized, and BB84QKD devices 202 d, 202 e, and 202 f are disposed. Thus, in three routes closest to the base B, nodes (BB84QKD nodes) X, Y, and Z are each structured with a BB84QKD device.

The relay nodes C, E, and G between the nodes J, K, and L and nodes X, Y, and Z are each structured with the CVQKD device (in the base A side) and the BB84QKD device (in the base B).

As described above, various combinations of CVQKD device and BB84QKD device are adoptable in the relay and intermediate nodes.

Considering the aforementioned structure and the whole embodiments, the combination of the CVQKD devices and the BB84QKD devices may be interpreted as a first quantum cryptographic communication device by which CVQKD devices are applicable to a front end, and a second quantum cryptographic communication device by which BB84QKD devices are applicable to a back end.

Incidentally, in the present system, the cryptographic key is generated by a key sharing module. There are various methods of generation of the cryptographic key, and several examples thereof will be explained below.

FIG. 14 illustrates a method of generation of a cryptographic key (hereinafter referred to as random number key) 132 in the key sharing module 102, and an example of encryption of plaintext data 131 in the base A. Note that, the cryptographic communication system of FIG. 6 is used for the explanation below.

Now, random number keys divided into three (divided cryptographic keys explained above) are referred to as random number key 1, random number key 2, and random number key 3. In the key sharing module 102 in the base A,

Random number key 1 XOR random number key 2 XOR random number key 3 is calculated to obtain random number key (cryptographic key) 132.

On the other hand, in the cryptographic module 101,

Random number key 132 XOR plaintext data 131 is calculated to obtain the encrypted data 302.

In this example, the cryptographic communication system generates the encrypted data 302 wherein a plurality of divided data of the random number key and the plaintext data 131 are overlapped through Vernam cipher, and thus, even if an invalid interceptor may intrude into any of the intermediate nodes and steal a part of the divided data, a part of the encrypted data 302 communicated between the bases A and B through the Internet (encrypted data transmission system 300) cannot be decrypted.

Furthermore, in this example, in the cryptographic communication system, based on a premise that overlapping through Vernam cipher is performed between the base A and the base B, data necessary for generation of the whole random number key is divided to a plurality of paths (routes) and transmitted/received therebetween, and thus, the random number key (cryptographic key) is shared. Thereby, even if an invalid interceptor may intrude into any of the intermediate nodes on a route, and steal a part of the data necessary for the generation of the random number key, an invalid interceptor cannot decrypt the random number key.
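The XOR combination of FIG. 14 and the interception claim above can be checked with a short program. This is an added example, not code from the patent: the function names are assumptions, a software random source stands in for the quantum key devices, and the plaintext is constructed. `candidate_keys` goes beyond the text by enumerating, for a one-byte key, every key value that remains possible given the route keys an interceptor holds.

```python
import secrets
from collections import Counter
from functools import reduce
from itertools import product


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise exclusive-or of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_route_keys(length: int, routes: int = 3) -> list:
    """One independent random number key per route.
    Assumption: secrets.token_bytes stands in for the QKD-generated random numbers."""
    return [secrets.token_bytes(length) for _ in range(routes)]


def restore_key(route_keys) -> bytes:
    """Random number key 1 XOR random number key 2 XOR random number key 3."""
    return reduce(xor_bytes, route_keys)


def vernam(key: bytes, data: bytes) -> bytes:
    """Vernam cipher: the key must be exactly as long as the data.
    The same call encrypts and decrypts."""
    if len(key) != len(data):
        raise ValueError("Vernam key must be as long as the data")
    return xor_bytes(key, data)


def candidate_keys(known_bytes, missing_count: int) -> Counter:
    """For a 1-byte key, tally every key value consistent with the route-key
    bytes an interceptor holds, over all values of the missing ones."""
    partial = reduce(lambda a, b: a ^ b, known_bytes, 0)
    tally = Counter()
    for missing in product(range(256), repeat=missing_count):
        tally[reduce(lambda a, b: a ^ b, missing, partial)] += 1
    return tally


def demo() -> bool:
    plaintext = b"constructed plaintext data 131"
    route_keys = generate_route_keys(len(plaintext))      # sent over three routes
    ciphertext = vernam(restore_key(route_keys), plaintext)
    # Base B receives the three route keys (arrival order does not matter).
    key_b = restore_key(list(reversed(route_keys)))
    return vernam(key_b, ciphertext) == plaintext


if __name__ == "__main__":
    print("base B recovers the plaintext:", demo())
    two_routes = candidate_keys([0x0F, 0xF0], missing_count=1)
    print("keys still possible with 2 of 3 route keys:", len(two_routes))
    all_routes = candidate_keys([0x0F, 0xF0, 0xAA], missing_count=0)
    print("keys possible with all 3 route keys:", len(all_routes))
```

With two of the three route keys in hand, all 256 key values remain equally likely, so the held keys carry no information about key 132; only when every route key is captured does the set collapse to one value.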

FIG. 15 and FIGS. 16A and 16B illustrate another method of generation and restoration of dispersed cryptographic keys. FIG. 15 illustrates an example of method of generation of random number key 132 in the key sharing modules 102 and 202 in the cryptographic communication system. In this example, random number key 132 (=132 a, 132 b, and 132 c) is generated based on dispersion number 3, threshold 3 ramp type secret dispersion (in this example, (threshold K=3, L=2, dispersion number N=3) ramp type secret dispersion). In the ramp type secret dispersion, even if one of the three dispersed data (dispersed cryptographic keys) 132 a, 132 b, and 132 c is intercepted, the data restoration cannot be performed. Furthermore, in this example, a ratio of random number (dummy data, that is, disposable physical random number) to plaintext (in this example, common key, that is, physical random number used as random number key 132) is 1:2. In the ramp type, a ratio of random number to plaintext is changeable, and if the ratio of random number to plaintext is (Threshold−1):1, it is specifically referred to as complete secret dispersion.

Now, considered is a case where the key sharing module 102 has a physical random number 2000. Then, the key sharing module 102 recognizes the physical random number as original data 2001, and a dispersion process by threshold 3 ramp type secret dispersion is performed. Then, the key sharing module 102 regards the dispersion as generating the optionally generated random numbers (random number key 1, random number key 2, and random number key 3). In other words, it is the cryptographic key (random number key) in which the random number key 1, random number key 2, and random number key 3 are regarded to be dispersed.

That is, the key sharing module 102 does not actually generate dispersion data (dispersed cryptographic keys) 132 a, 132 b, and 132 c by secret dispersion in this example. Thus, quantum keys generated by a quantum key distribution function may be utilized for the dispersion data 132 a, 132 b, and 132 c, and efficiency of the physical random number generation is increased.

As above, the present system has characteristics which are not utilized in the data transmission using a simple secret dispersion. Note that, the random number optionally generated here (random number key 1, random number key 2, and random number key 3) may be dispersed by a secret dispersion method into dispersed data 132 a, 132 b, and 132 c; however, in that case, the key sharing module 102 must generate a physical random number for the original data in addition to the quantum key (physical random number) generated by the quantum key delivery function, and thus, efficiency of the physical random number generation is decreased.

The dispersion process of threshold 3 ramp type secret dispersion is further explained. Initially, the original data is divided into as many groups as the threshold. For example, when the original data 2001 is 1 to 15, it is divided into a group of 1, 4, 7, 10, and 13, a group of 2, 5, 8, 11, and 14, and a group of 3, 6, 9, 12, and 15. FIG. 15 represents each group after division as a row.

Then, when three dispersed data are generated, in dispersion (2), the second row is shifted by one column, and in dispersion (3), the third row is shifted by one column, and then, convolution by exclusive-or is performed with respect to each of dispersions (1) to (3). Note that, the convolution is not limited to exclusive-or, and may be calculated by a polynomial, or may be addition or subtraction.

After generating the random number, the key sharing module 102 of the base A regards the random number as dispersed data obtained through the aforementioned process (dispersion process by threshold 3 ramp type secret dispersion). That is, the key sharing module 102 generates a plurality of random number columns (random number key 1, random number key 2, and random number key 3), and regards each random number column as dispersed data. The key sharing module 102 allocates the random numbers (dispersed data 19), per random number column, to different routes to be transmitted to the base B.

FIGS. 16A and 16B illustrate an example of a method of acquiring, that is, a method of restoration of the random number key 132 by the key sharing modules 102 and 202 in the cryptographic communication system which distributes the cryptographic key (random number key) as above.

The key sharing modules 102 and 202 use three dispersed data (in reality, simple random numbers) to execute the restoration process by dispersion number 3, threshold 3 ramp type secret dispersion (in this example, (Threshold K=3, L=2, dispersion number N=3) ramp type secret dispersion) (calculation 2010 of FIG. 16B). By the restoration, aforementioned 1 to 15 are obtained as the hypothetical physical random number original data 2001.

Note that, if the restoration process as above is performed without performing the dispersion process by the secret dispersion method, data (original data) of a part of a layer (row) of partial dispersed data is mismatched (when all dispersed data are restored into original data, original data does not match in several dispersed data). In order to prevent mismatch, different random numbers (x1 to x5) are regarded to be XORed in the partial dispersed data. This fact should be regarded as being shared in advance between the key sharing module 102 and the key sharing module 202. Note that, by determining which dispersed data are used to generate the original data in advance or dynamically between the key sharing module 102 and the key sharing module 202, at least the original data generated by the key sharing module 102 and the key sharing module 202 match, and such mismatch is not a problem. Note that, even if there is partial mismatch, the restoration process by the secret dispersion method is performed regarding the physical random numbers (random number key 1, random number key 2, and random number key 3), and thus, the security is sufficient.

In this example, the ratio of random number to plaintext is 1:2, and thus, the key sharing module 202 excludes the group of 1, 4, 7, 10, and 13 (preliminarily determined one row) from the restored original data 1 to 15 as dummy data (disposable physical random number), and extracts 2, 3, 5, 6, 8, 9, 11, 12, 14, and 15 to generate the random number key 132 to be delivered to the base B.

In the complete secret dispersion, the ratio of random number to plaintext is (threshold−1:1) (2:1), and thus, the key sharing module 102 excludes 1, 2, 4, 5, 7, 8, 10, 11, 13, and 14 (preliminarily determined two rows) as dummy data (disposable physical random number), and extracts 3, 6, 9, 12, and 15 (preliminarily determined one row) to generate the random number key 132 to be delivered to the base B.

On the other hand, in the key sharing module 202 which received the dispersed data 132 a, 132 b, and 132 c from a terminal node C131, the same calculation as in the key sharing module 102 is performed to generate a random number key 132 used in the base B. The random number key 132 generated by the key sharing module 102 and the random number key 132 generated by the key sharing module 202 are the same. In other words, the random number key (cryptographic key) in the bases A and B is the shared random number key 132.

FIG. 17 illustrates an example of encryption of the plaintext data 131 in the base A.

In the base A,

Random number key 132 XOR plaintext data 131 is calculated to obtain encrypted data 302.

As above, by delivering a plurality of dispersed data 132 a, 132 b, and 132 c regarded as being dispersed by the ramp type secret dispersion method (in reality, simple random numbers), even if an invalid interceptor may intrude into any of the intermediate nodes on a route, and steal a part of the dispersed data, information of random number key is not leaked. Thus, even a part of the encrypted data 302 communicated between the bases A and B through the Internet cannot be decrypted.

As above, between the bases A and B (sender node and receiver node), based on a premise that the restoration process by the secret dispersion method is used, the data necessary for the generation of the random number key 132 is divided to a plurality of paths (routes) to be transmitted/received to share the random number key 132 (common key). In this system, even if an invalid interceptor may intrude into any of the intermediate nodes on a route, and steal a part of the data necessary for the generation of the random number key, such an invalid interceptor cannot decrypt the cryptographic key, and the communication of users can be secured. Furthermore, the dispersion number is 3 as with the threshold in this example; however, if the dispersion number=threshold+α (α=1, 2, 3, . . . ), the random number key 16 can be generated even if (dispersion number−threshold) dispersed data is vanished, and thus, even if an error occurs in some of the intermediate nodes, the terminal node C131, base A, and base B can share the random number key 132 without any problem.

Note that, in the aforementioned explanation, hypothetical original data is given, restoration by the dispersion number 3, threshold 3 ramp type secret dispersion is executed, and if a ratio of random number to plaintext is 1:2, one row (within three rows) is excluded from data obtained by the restoration as a random number (dummy data), and two row data is used as the random number key 16. Here, if the information-theoretic security is given up, all the data obtained by the restoration may be used as plaintext (random number key 132), or not all of one row but a part of the row may be used as a random number. In that case, although the information-theoretic security is not secured, combinations of operators to obtain the original data are vast, and the user cryptographic communication is sufficiently secured. In that case, consuming amount of random numbers can be greatly reduced. Thus, transfer rate is improved accordingly.

If threshold is 2, in order to secure the information-theoretic security, a ratio of random number to plaintext needs to be 1:1; however, as mentioned above, if the information-theoretic security is given up, all of the data obtained from the restoration may be used as plaintext, or, not all of one row (of two rows) but a part of the row may be used as the random number. In that case, although the information-theoretic security is not secured, combinations of operators to obtain the original data are vast, and the user cryptographic communication is sufficiently secured. Thus, the consuming amount of random numbers can be greatly reduced. Note that, the secret dispersion method which can be used is not limited to the above examples, and secret dispersion methods by other exclusive-or and secret dispersion methods by polynomial can be used.

Referring to FIGS. 18 and 19, a method of generation of the random number key 132 by threshold 2 secret dispersion will be explained. FIG. 18 illustrates an example of a method of generation of the random number key 132 by threshold 2, dispersion number 3 secret dispersion.

The key sharing module 102 includes a hypothetical physical random number. Furthermore, the key sharing module 102 regards the physical random number as the original data, and performs the dispersion process by the threshold 2 secret dispersion method. The key sharing module 102 regards that an optionally generated random number (random number key 1, random number key 2, and random number key 3) is obtained through the dispersion process. That is, the key sharing module 102 does not actually generate the dispersed data 132 through the secret dispersion. The present system has characteristics which do not appear in the data transfer using a simple secret dispersion. As described above, the secret dispersion process may be actually performed, but in that case, efficiency of the physical random number generation is lowered.

The threshold 2 secret dispersion is further explained. Initially, the original data is divided into as many groups as the threshold. For example, if the original data is 1 to 14, the data is divided into a group of 1, 3, 5, 7, 9, 11, and 13 and a group of 2, 4, 6, 8, 10, 12, and 14. FIG. 18 represents each group after division as a row.

Then, when the generation of three dispersed data is performed, in dispersion (2), the second row is shifted by one column, and in dispersion (3), the second row is shifted by two columns, and then, convolution by exclusive-or is performed with respect to each of dispersions (1) to (3). Note that, the convolution is not limited to exclusive-or, and may be calculated by a polynomial, or may be addition or subtraction.

After generating the random number, the key sharing module 102 regards the random number as dispersed data obtained through the aforementioned process (dispersion process by threshold 2 secret dispersion). The key sharing module 102 allocates the random numbers (dispersed data 132), per random number column (random number key 1, random number key 2, and random number key 3), to different routes to be transmitted to the key sharing module 202.

FIGS. 19A and 19B illustrate an example of a method of generation (restoration process) of the random number key 132 by the threshold 2 secret dispersion.

The key sharing module 202 uses two dispersed data A and C (in reality, simple random numbers) to execute the restoration process by dispersion number 3, threshold 2 secret dispersion (calculation 2020 of FIG. 19B). By the restoration, the aforementioned hypothetical physical random number original data 1 to 14 are obtained.

Note that, with the threshold 2, dispersion number 2 ramp type secret dispersion, a mismatch does not occur in the restoration. However, if threshold 2, dispersion number 2+α (α=1, 2, 3, . . . ) secret dispersion is utilized for the restoration, as with the aforementioned dispersion number 3, threshold 3 ramp type secret dispersion, data of partial layer of a part dispersion data mismatch. Thus, as with the case of the aforementioned dispersion number 3, threshold 3 ramp type secret dispersion, preliminarily shared different random numbers are regarded to be overlapping.

Through the generation of the random number key 16 by the threshold 2 secret dispersion, the cryptographic communication system of the second embodiment delivers a plurality of dispersed data (actually, simple random numbers) regarded as being dispersed by the secret dispersion, even if an invalid interceptor may intrude into any of the intermediate nodes on a route, and steal a part of the dispersed data 19, a part of the encrypted data 303 communicated between the bases A and B on the Internet 300 cannot be decrypted. Furthermore, in this example, threshold is 2 and dispersion number is 3, and thus, the random number key 132 can be generated even if (dispersion number−threshold)=one dispersion data is vanished. Thus, even if an error occurs in some of the intermediate nodes, the key sharing module 102 and the key sharing module 202 can share the random number key 132 without any problem. Note that, for simpler explanation, the secret dispersion method of FIGS. 18, 19A and 19B is used in this example; however, the secret dispersion method which can be used is not limited to the above examples, and secret dispersion methods by other exclusive-or and secret dispersion methods by polynomial can be used.

Technical features of the aforementioned embodiments will be noted below. First, the structures of the bases A and B will be explained.

A1) According to an embodiment, a device A of a user base includes a cryptographic module 101 to transmit encrypted data, and a key sharing module 102 including a function to restore and disperse a cryptographic key used to generate the encrypted data. Then, the key sharing module 102 includes a plurality of CVQKD devices 102 a and 102 b to deliver a plurality of random number keys dispersed from the cryptographic key into different routes and to receive the dispersed cryptographic keys sent from the different routes, wherein the CVQKD devices 102 a and 102 b are quantum-connected to a CVQKD device in a relay node provided with each of the different routes.

Furthermore, the CVQKD devices 102 a and 102 b are connected to a dispersion/restoration circuit 102 c of the cryptographic key in order to disperse the cryptographic key and to restore the dispersed cryptographic keys.

A2) The key sharing module 102 transmits the dispersed cryptographic keys (random number keys) through a secret dispersion method with respect to the different routes.

A3) The different routes are a quantum cryptographic distribution net in which a plurality of nodes are arranged in a mesh manner.

A4) The different routes are a quantum cryptographic distribution net in which a plurality of nodes are arranged in a mesh manner, and the key sharing module 102 designates any of the nodes of the quantum cryptographic distribution net, and includes a processor for structuring paths to distribute the dispersed cryptographic keys.

B1) According to another embodiment, a cryptographic communication system includes a first base A and a second base B connected with each other by an encrypted data transmission system, and the first base A includes a plurality of CVQKD devices to deliver dispersed cryptographic keys to the second base B, wherein the CVQKD devices are connected to a plurality of cryptographic key distribution routes.

In a middle of the cryptographic key distribution routes, a relay node integrally includes a CVQKD device in the delivery route and a BB84QKD device to process an output of the CVQKD device by BB84 protocol to be output to the base B.

B2) A cryptographic communication method, in which dispersed cryptographic keys are distributed using the cryptographic communication system, the CVQKD devices in the base, and the relay nodes, is provided.

B3) The first base A includes first and second CVQKD devices 102 a and 102 b to deliver the dispersed cryptographic keys to the second base B, wherein the first and second CVQKD devices 102 a and 102 b are connected to third and fourth CVQKD devices 441 and 611 in first and second relay nodes disposed in the first and second cryptographic key distribution routes.

B4) The first and second relay nodes include BB84QKD devices 412 and 612 to receive outputs from the third and fourth CVQKD devices 441 and 611.

B5) The cryptographic key distribution routes are a quantum cryptographic distribution net in which a plurality of nodes are arranged in a mesh manner.

B6) Means of delivering a plurality of random number keys dispersed from the cryptographic key into different routes and receiving the dispersed cryptographic keys sent from the different routes is the key sharing module 102, and the cryptographic key distribution routes are a quantum cryptographic distribution net in which a plurality of nodes are arranged in a mesh manner, and

the key sharing module sends dispersed cryptographic keys (random number keys) through a secret dispersion method with respect to the cryptographic key distribution routes.

While certain embodiments have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions. Indeed, the novel embodiments described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the embodiments described herein may be made without departing from the spirit of the inventions. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the inventions.

Furthermore, even if each structural element of the claims is expressed as divided, or integrated with another structural element, or combined with another structural element, such expression is deemed within the scope of the invention. Furthermore, multiple embodiments may be combined, and examples realized by such a combination are within the scope of the invention.

Furthermore, figures may be schematically illustrated for further clarification of the explanation, and thus, width, thickness, shape, and the like are different from those of the actual embodiments. Furthermore, the present invention is applicable to a case where a claim is represented as a control logic, or as a program including computer-executable instructions, or as a computer readable recording medium describing the instructions. Furthermore, names and terms used in the claims are not limited thereto, and as long as the same contents and the same concepts are substantially kept, other expressions are deemed within the scope of the invention.

What is claimed is:
 1. A user base device comprising a cryptographicmodule configured to transmit encrypted data and a key sharing moduleconfigured to restore and disperse a cryptographic key used to generatethe encrypted data, wherein the key sharing module includes a quantumcryptographic communication device applicable to a plurality of frontends in order to deliver a plurality of random number keys which arebased on the dispersed cryptographic key in different routes and toreceive the dispersed cryptographic key delivered through the differentroutes, the quantum cryptographic communication device applicable to thefront ends are quantum-connected to a quantum cryptographiccommunication device applicable to a frontend in a relay node providedwith each of the different routes, and the quantum cryptographiccommunication device applicable to the front ends are connected to acryptographic key dispersion/restoration circuit in order to dispersethe cryptographic key and to restore the dispersed cryptographic key. 2.The user base device of claim 1, wherein the key sharing module sends acryptographic key (random number key) dispersed by a secret dispersionmethod through the different routes.
 3. The user base device of claim 1,wherein the different routes are a quantum cryptographic distributionnet in which a plurality of nodes are arranged in a mesh manner.
 4. Theuser base device of claim 1, wherein the different routes are a quantumcryptographic distribution net in which a plurality of nodes arearranged in a mesh manner, and the key sharing module specifies any ofthe nodes of the quantum cryptographic distribution net, and includes aprocessor for structuring paths to distribute the dispersedcryptographic keys.
 5. A cryptographic communication system comprising afirst base and a second base connected with each other through anencrypted data transmission system, wherein the first base includes aquantum cryptographic communication device applicable to a plurality offront ends in the base in order to deliver a plurality of dispersedcryptographic keys to the second base, and the quantum cryptographiccommunication device applicable to the front ends is connected to aplurality of cryptographic key distribution routes, and in a halfwaythrough each of the cryptographic key distribution routes, a relay nodeintegrally including a quantum cryptographic communication deviceapplicable to a front end in the distribution route and a quantumcryptographic communication device applicable to a backend to process anoutput of a cryptographic communication device applicable to the frontend and to output the processed output to the second base, is disposed.6. The cryptographic communication system of claim 5, wherein the firstbase includes a quantum cryptographic communication device applicable tofirst and second front ends in the base in order to deliver a pluralityof dispersed cryptographic keys to the second base, and the quantumcryptographic communication device applicable to the first and secondfront ends is connected to a quantum cryptographic communication deviceapplicable to third and fourth front ends in first and second relaynodes arranged in the first and second cryptographic key distributionroutes.
 7. The cryptographic communication system of claim 6, wherein the first and second relay nodes include a quantum cryptographic communication device applicable to a backend which receives an output of the quantum cryptographic communication device applicable to the third and fourth front ends.
 8. The cryptographic communication system of claim 1, wherein the cryptographic key distribution routes are a quantum cryptographic distribution net in which a plurality of nodes are arranged in a mesh manner.
 9. The cryptographic communication system of claim 5, wherein means to deliver a plurality of random number keys which are the dispersed cryptographic keys through a plurality of cryptographic key distribution routes and to receive the dispersed cryptographic keys sent from the cryptographic key distribution routes includes a key sharing module, the cryptographic key distribution routes are a quantum cryptographic distribution net in which a plurality of nodes are arranged in a mesh manner, and the key sharing module sends a cryptographic key (random number key) dispersed by a secret dispersion method through the different routes.
 10. A cryptographic communication method using a user base device including a cryptographic module to transmit encrypted data and a key sharing module having a function to restore and disperse a cryptographic key used to generate the encrypted data, the method comprising: using a quantum cryptographic communication device applicable to a plurality of front ends to deliver a plurality of random number keys which are cryptographic keys dispersed by the key sharing module through different routes and to receive the dispersed cryptographic keys sent from the different routes; and by the key sharing module, performing quantum distribution of the dispersed cryptographic keys with respect to a quantum cryptographic communication device applicable to a front end in each of a plurality of relay nodes provided with each of the different routes through the quantum cryptographic communication device applicable to the front ends; and restoring the dispersed cryptographic keys quantum-received from the quantum cryptographic communication device applicable to the front end in each of the relay nodes through the quantum cryptographic communication device applicable to the front ends by a dispersion/restoration circuit of the cryptographic key.
 11. A cryptographic communication method comprising a first base and a second base connected with each other through an encrypted data transmission system, wherein the first base includes a quantum cryptographic communication device applicable to a plurality of front ends in the base in order to deliver a plurality of dispersed cryptographic keys to the second base, and the quantum cryptographic communication device applicable to the front ends is connected to a plurality of cryptographic key distribution routes, and in a halfway through each of the cryptographic key distribution routes, a relay node integrally including a quantum cryptographic communication device applicable to a front end in the distribution route and a quantum cryptographic communication device applicable to a backend to process an output of a cryptographic communication device applicable to the front end and to output the processed output to the second base, is disposed.
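
The dispersion and restoration recited in claims 9 and 10, sketched as an added example that is not part of the patent text. The claims do not name the secret dispersion method, so an n-of-n XOR split is assumed here; the function names, the relay identifiers and the relay-overlap check on the mesh routes are likewise hypothetical.

```python
import secrets
from collections import Counter
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def disperse(key: bytes, n_routes: int) -> list[bytes]:
    """Split key into n_routes shares (assumed XOR scheme, not the patent's)."""
    if n_routes < 2:
        raise ValueError("need at least two routes")
    shares = [secrets.token_bytes(len(key)) for _ in range(n_routes - 1)]
    # The last share is key XOR all random shares, so XOR of every share is key.
    shares.append(reduce(xor_bytes, shares, key))
    return shares


def restore(shares: list[bytes]) -> bytes:
    """Recombine all shares; with any share missing the result is not the key."""
    return reduce(xor_bytes, shares)


def shared_relays(routes: list[list[str]]) -> set[str]:
    """Relay nodes that sit on more than one route and would see several shares."""
    counts = Counter(node for route in routes for node in set(route))
    return {node for node, seen in counts.items() if seen > 1}


def deliver(key: bytes, routes: list[list[str]]) -> list[tuple[list[str], bytes]]:
    """Pair one share with each route, refusing routes that share a relay."""
    overlap = shared_relays(routes)
    if overlap:
        raise ValueError(f"routes are not relay-disjoint: {sorted(overlap)}")
    return list(zip(routes, disperse(key, len(routes))))


if __name__ == "__main__":
    key = secrets.token_bytes(32)                       # constructed sample key
    plan = deliver(key, [["relay-1"], ["relay-2"]])     # constructed relay names
    print(restore([share for _, share in plan]) == key)
```

Each relay handles one share that is indistinguishable from random on its own, which is why the overlap check matters when paths are structured through a mesh: a node common to every route would hold enough shares to rebuild the key.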